Sunday, October 25, 2015

Your app can open doors: Host Card Emulation

Your app can open doors or make payments or do other cool stuff. Host Card Emulation (HCE) is a technology that emulates a payment or access card on a mobile device using an app. Many Android devices that offer Near Field Communication (NFC) functionality already support NFC card emulation.

A card could be emulated by a separate chip in the device, called a Secure Element (SE). Android 4.4 introduces an additional method of card emulation that does not necessarily involve a Secure Element, called host based card emulation. This allows any Android application to emulate a card and talk directly to the NFC reader.

Using Host Card Emulation you can, for example, pay, travel or check into a hotel, but you need an phone running on Android 4.4 or above.

Any app on an Android 4.4 (or above) device can emulate an NFC smart card, letting users tap to initiate transactions with an app of their choice. Apps can also act as readers for HCE cards and other NFC-based transactions.

Playing with NFC tags is fun, but HCE is even more fun...

Get started

To get started with HCE for Android you can download the card emulator and the card reader examples from GitHub (Or you can use the New, Import sample option from the File menu within Android Studio -for OSX- for that). I have installed the emulator app on an Samsung Note 3. On a second device, a Nexus 5 to be precise, I have installed the card reader app.

After enabling NFC on both devices I am able to read the 'loyality card' that exists on the Note 3 device with the reader app on the Nexus 5 using NFC. That does work great, however I have not been able to do the same with a Samsung Galaxy S4 Mini (emulator app) and the Nexus 5 (reader app). For some reason, that I have not figured out yet, the examples do not work with the combination of these (and perhaps a few other) devices.

For a Windows 10 example you might want to check this link.

Secure element

A Secure Element (SE) securely stores card data and does some cryptographic processing.

During a payment transaction it emulates a card to authorize a transaction. The Secure Element could either be embedded in the phone or embedded in the SIM card.


Google wallet & Android Pay

Android Pay or Google wallet do not (yet) use a device based Secure Element. It uses Host card emulation (HCE) instead. The card emulation and the Secure Element are separated into different areas. It can also be implemented with a Secure Element chip, but this is not yet required.

Android Pay works for KitKat users and higher (Android 4.4+)

Samsung Pay

Samsung Pay works only for a small number of Samsung devices. It is built into Samsung’s Galaxy S6, S6 Edge, Note 5, and S6 Edge+. Samsung Pay uses (embedded) secure elements (and it supports HCE).

Since it uses both NFC and magnetic secure transmission (MST) to transmit payment information the service probably will work on more POS as is the case for Android Pay.

Apple Pay

Apple Pay uses a device based Secure Element and does not use HCE. It uses the Secure Element chip on the iPhone as part of the token-generation process and also to store fingerprint data.

I have not seen Apple Pay in action yet. I guess the most nearby opportunity will be in London, where you can use Apple Pay to travel by bus, tram, railway or underground.

Apple Pay works on iOS 8 and above. The functionality is available on the iPhone 6 and iPhone 6+ only.

Windows 10 & NFC HCE

Microsoft supports HCE NFC payments in Windows 10 (mobile). You can check out the Windows 10 HCE Tap to Pay demo on YouTube.


HCE is interesting technology and available for Android & Windows. Apple is doing things differently and, as it seems to be, in a better and a more secure way.

Since both Android and iOS do have their own audience, Android Pay and Apple Pay could perfectly exist next to each other. And then there is Samsung Pay, which probably will become a huge competitor for Android Pay.

And what about us, developers? Well, we have some new challenges and things to figure out...

Further reading

No comments:

Post a Comment